HFNetChk

HFNetChk is a command-line tool that enables an administrator to check the patch status of all the machines in a network from a central location. The tool does this by referring to an XML database that’s constantly updated by Microsoft.

HFNetChk can be run on Windows NT 4.0 or Windows 2000 systems, and will scan either the local system or remote ones for patches available for the following products:

Windows NT 4.0

Windows 2000

All system services, including Internet Information Server 4.0 and 5.0

SQL Server 7.0 and 2000 (including Microsoft Data Engine)

Internet Explorer 5.01 and later

The HFNetChk tool uses an Extensible Markup Language (XML) file that contains information about which hotfixes are available for each product. The XML file contains security bulletin name and title, and detailed data about product-specific security hotfixes, including: files in each hotfix package and their file versions and checksums, registry keys that were applied by the hotfix installation package, information about which patches supersede which other patches, related Microsoft Knowledge Base article numbers, and much more.

When you run the HFNetChk tool for the first time from a command line (without any switches), the tool must obtain a copy of this XML file so that the tool can find the hotfixes that are available for each product. The XML file is available on the Microsoft Download Center Web site in compressed form. The file is a digitally signed .cab file. HFNetChk downloads the .cab file, verifies the signature, and then decompresses the .cab file to your local computer. Note that a .cab file is a compressed file that is similar to a .zip file.

After the .cab file is decompressed, HFNetChk scans your computer (or the selected computers) to determine the operating system, service packs, and programs that you are running. HFNetChk then parses the XML file and identifies security patches that are available for your combination of installed software. Patches that are available for your computer but are not currently installed on your computer are displayed as “Patch NOT Found” in the resulting output. In the default configuration, HFNetChk output displays only those patches that are necessary to bring your computer up to date. HFNetChk recognizes roll-up packages and does not display those patches that are superseded by later patches.

HFNetChk first examines the computer to determine if the registry key that is associated with the patch exists. If the registry key does not exist, the patch is considered not installed. If the registry key does exist, HFNetChk searches for the related files on the computer and compares the file version and checksum from the XML file to the file version and checksum of the files on the computer. If any of the file tests are not successful, the hotfix is listed as “Patch NOT Found”.

Internet Explorer 5.01 or greater or an XML parser (Microsoft XML Parser 3.0 Service Pack 2 Release) is required for the tool to function correctly. XML parsers are included in Internet Explorer 5.01 and later. If you are running Internet Explorer 5.01 or greater, you do not need to install a separate parser. If you are running an earlier version of Internet Explorer and you do not want to upgrade to Internet Explorer 5.01 or greater, you may download and install a stand-alone version of the Microsoft XML Core Services 4.0 SP2.

To run HFNetChk:

Download the Nshc33.exe file.

Double-click the Nshc33.exe file that you downloaded, and then follow the installation instructions.

Read the End-user License Agreement (EULA).

At a command prompt, locate the folder that you created.

Type hfnetchk -v -z -s 1, and then press Enter.

The tool will connect to Microsoft’s website and download the XML file that contains information about which hotfixes are available for each product.

Update on the HFNetChk tool and usage:

HFNetChk is also available through the MBSA V1.2.1 command line interface, mbsacli.exe /hf.

The HFNetChk tool that you execute by using the mbsacli /hf command, is a command-line tool that you can use to assess a computer or selected group of computers for the absence of security patches. You can use HFNetChk to assess the patch status for the Windows NT 4.0 and Windows 2000 operating systems, as well as hotfixes for IIS 4.0, IIS 5.0, SQL Server 7.0, SQL Server 2000 (including MSDE), Exchange Server 5.5, Exchange Server 2000, Windows Media Player, and Internet Explorer 5.01 or later.

The HFNetChk tool uses an Extensible Markup Language (XML) file that contains information about which hotfixes are available for each product. The XML file contains the security bulletin name and title, and detailed data about product-specific security hotfixes, including the following items (and much more):

Files in each HotFix package and their file versions and checksums.

Registry keys that the HotFix installation package applies.

Information about which patches replace other patches.

Related Microsoft Knowledge Base article numbers.

When you run the HFNetChk tool for the first time from a command line (without any switches), the tool must obtain a copy of this XML file so that the tool can find the hotfixes that are available for each product. The XML file is available on the Microsoft Download Center Web site in compressed form. The file is a digitally signed .cab file. HFNetChk downloads the .cab file, verifies the signature, and then decompresses the .cab file to your local computer. Note that a .cab file is a compressed file that is similar to a .zip file. If the CAB file is not downloaded, HFNetChk tries to download an uncompressed copy of this file from Microsoft.

After the .cab file is decompressed, HFNetChk scans your computer (or the selected computers) to determine the operating system, service packs, and programs that you are running. HFNetChk then parses the XML file and identifies security patches that are available for your combination of installed software. Patches that are available for your computer but are not currently installed on your computer are displayed as “Patch NOT Found” in the resulting output. In the default configuration, HFNetChk output displays only those patches that are necessary to bring your computer up to date. HFNetChk recognizes roll-up packages and does not display those patches that are superseded by later patches.